xwayland (2:24.1.6-1ubuntu1) questing; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access in X Rendering extension
    - debian/patches/CVE-2025-49175.patch: avoid 0 or less animated cursors
      in render/animcur.c, render/render.c.
    - CVE-2025-49175
  * SECURITY UPDATE: Integer overflow in Big Requests Extension
    - debian/patches/CVE-2025-49176.patch: do not overflow the integer size
      with BigRequest in dix/dispatch.c, os/io.c.
    - CVE-2025-49176
  * SECURITY UPDATE: Data leak in XFIXES Extension 6
    - debian/patches/CVE-2025-49177.patch: check request length for
      SetClientDisconnectMode in xfixes/disconnect.c.
    - CVE-2025-49177
  * SECURITY UPDATE: Unprocessed client request via bytes to ignore
    - debian/patches/CVE-2025-49178.patch: account for bytes to ignore when
      sharing input buffer in os/io.c.
    - CVE-2025-49178
  * SECURITY UPDATE: Integer overflow in X Record extension
    - debian/patches/CVE-2025-49179.patch: check for overflow in
      RecordSanityCheckRegisterClients() in record/record.c.
    - CVE-2025-49179
  * SECURITY UPDATE: Integer overflow in RandR extension
    - debian/patches/CVE-2025-49180-1.patch: check for overflow in
      RRChangeProviderProperty() in randr/rrproviderproperty.c.
    - CVE-2025-49180

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 20 Jun 2025 08:39:52 -0400

xwayland (2:24.1.6-1) unstable; urgency=medium

  * New upstream release. Fixes:
    - CVE-2025-26594: use-after-free of the root cursor
    - CVE-2025-26595: buffer overflow in XkbVModMaskText
    - CVE-2025-26596: heap overflow in XkbWriteKeySyms
    - CVE-2025-26597: buffer overflow in XkbChangeTypesOfKey
    - CVE-2025-26598: out-of-bounds write in CreatePointerBarrierClient
    - CVE-2025-26599: use of uninitialized pointer in compRedirectWindow
    - CVE-2025-26600: use-after-free in PlayReleasedEvents
    - CVE-2025-26601: use-after-free in SyncInitTrigger
    (Closes: #1098907).

 -- Emilio Pozuelo Monfort <pochu@debian.org>  Wed, 26 Feb 2025 10:22:59 +0100

xwayland (2:24.1.5-1) unstable; urgency=medium

  * New upstream release.
  * patches: Drop upstreamed patches.
  * xwayland-Detect-gbm_bo_get_fd_for_plane-at-runtime.patch: Dropped,
    likely unneeded by now for Xilinx.

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 06 Feb 2025 09:56:57 +0200

xwayland (2:24.1.4-3) unstable; urgency=medium

  [ Alessandro Astone ]
  * Add patch to fix possible crash after the previous backport
    (LP: #2096653)

 -- Timo Aaltonen <tjaalton@debian.org>  Mon, 27 Jan 2025 13:17:11 +0200

xwayland (2:24.1.4-2) unstable; urgency=medium

  [ Alessandro Astone ]
  * Backport patch to fix busy-loop on inactive VT (LP: #2043517)

 -- Timo Aaltonen <tjaalton@debian.org>  Mon, 16 Dec 2024 14:27:57 +0200

xwayland (2:24.1.4-1) unstable; urgency=medium

  * New upstream release
    + CVE-2024-9632: Heap-based buffer overflow privilege escalation in
      _XkbSetCompatMap (closes: #1086244)

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 30 Oct 2024 12:01:08 +0200

xwayland (2:24.1.3-1) unstable; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 16 Oct 2024 13:13:19 +0300

xwayland (2:24.1.2-1) unstable; urgency=medium

  * New upstream release.
  * control: Bump libdrm-dev build-dependency. (Closes: #1076005)
  * patches: Refreshed.
  * control: Migrate to pkgconf.

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 08 Aug 2024 09:56:38 +0300

xwayland (2:24.1.0-1) unstable; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 15 May 2024 16:57:31 +0300

xwayland (2:24.0.99.901-1) experimental; urgency=medium

  * New upstream release candidate.
  * patches: Refreshed.

 -- Timo Aaltonen <tjaalton@debian.org>  Fri, 26 Apr 2024 13:27:37 +0300

xwayland (2:23.2.6-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2024-31080
    - CVE-2024-31081
    - CVE-2024-31083
  * control: Add libtirpc-dev to build-depends. (Closes: #1065184)

 -- Timo Aaltonen <tjaalton@debian.org>  Sat, 13 Apr 2024 16:58:45 +0300

xwayland (2:23.2.4-1) unstable; urgency=medium

  * New upstream release
    - CVE-2023-6816
    - CVE-2024-0229
    - CVE-2024-21885
    - CVE-2024-21886
    - CVE-2024-0408
    - CVE-2024-0409

 -- Julien Cristau <jcristau@debian.org>  Wed, 17 Jan 2024 11:20:05 +0100

xwayland (2:23.2.3-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2023-6377
    - CVE-2023-6478

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 13 Dec 2023 10:35:39 +0200

xwayland (2:23.2.2-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2023-5367
    - CVE-2023-5380
    - CVE-2023-5574
  * control: Add libdecor-0-dev to build-depends. (Closes: #1054529)

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 25 Oct 2023 10:51:36 +0300

xwayland (2:23.2.1-1) unstable; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 20 Sep 2023 16:09:23 +0300

xwayland (2:23.2.0-1) unstable; urgency=medium

  * New upstream release.
  * patches: Refreshed.
  * control: Bump x11proto-dev depends.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 16 Aug 2023 15:27:59 +0300

xwayland (2:23.1.1-1) experimental; urgency=medium

  * New upstream release.
  * control: Fix cross-building, add libwayland-dev:native to build-
    depends. (Closes: #1002515)

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 11 May 2023 13:10:04 +0300

xwayland (2:23.1.0-1) experimental; urgency=medium

  * New upstream release.
  * patches: Refreshed.
  * install: Add desktop file.

 -- Timo Aaltonen <tjaalton@debian.org>  Fri, 24 Mar 2023 11:26:25 +0200

xwayland (2:22.1.8-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2023-0494

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 07 Feb 2023 15:14:38 +0200

xwayland (2:22.1.7-1) unstable; urgency=medium

  * New upstream release.
  * rules, install: Ship the .pc file. (Closes: #1025742)
  * rules: Enable full hardening flags. (Closes: #1026168)

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 24 Jan 2023 09:37:32 +0200

xwayland (2:22.1.6-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343,
      CVE-2022-46344, CVE-2022-4283
  * Add signing-key from Peter Hutterer.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 14 Dec 2022 16:26:30 +0200

xwayland (2:22.1.5-1) unstable; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 03 Nov 2022 15:38:36 +0100

xwayland (2:22.1.3-2) unstable; urgency=medium

  [ Daniel van Vugt ]
  * Add xwayland-Detect-gbm_bo_get_fd_for_plane-at-runtime.patch

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 25 Aug 2022 13:03:43 +0300

xwayland (2:22.1.3-1) unstable; urgency=medium

  * New upstream release.
    - CVE-2022-2319, CVE-2022-2320

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 26 Jul 2022 14:39:48 +0300

xwayland (2:22.1.2-1) unstable; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 02 Jun 2022 15:16:00 +0300

xwayland (2:22.1.1-1) unstable; urgency=medium

  * New upstream release.

 -- Timo Aaltonen <tjaalton@debian.org>  Fri, 01 Apr 2022 09:40:47 +0300

xwayland (2:22.1.0-1) unstable; urgency=medium

  * New upstream release.
  * control: Bump policy to 4.6.0.

 -- Timo Aaltonen <tjaalton@debian.org>  Wed, 16 Feb 2022 20:20:06 +0200

xwayland (2:22.0.99.902-1) unstable; urgency=medium

  * New upstream release candidate.
  * control: Add libxcvt-dev to build-depends.

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 03 Feb 2022 12:56:33 +0200

xwayland (2:21.1.4-1) unstable; urgency=medium

  * New upstream release.
  * render: Fix out of bounds access in SProcRenderCompositeGlyphs()
    [CVE-2021-4008]
  * xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier()
    [CVE-2021-4009]
  * Xext: Fix out of bounds access in SProcScreenSaverSuspend()
    [CVE-2021-4010]
  * record: Fix out of bounds access in SwapCreateRegister()
    [CVE-2021-4011]

 -- Timo Aaltonen <tjaalton@debian.org>  Tue, 14 Dec 2021 16:19:18 +0200

xwayland (2:21.1.3-1) unstable; urgency=medium

  * Initial release. (Closes: #981841, #992146)

 -- Timo Aaltonen <tjaalton@debian.org>  Mon, 08 Nov 2021 16:39:28 +0200
